> While we're on the subject of git security...should we stop > recommending that non-account-holders use git:// (most efficient, but > insecure against MITM unless you manually check the commit number) in > preference to https:// (at least some security)? > https://wiki.debian.org/Alioth/Git#Accessing_repositories
https:// is actually just as efficient as git:// these days (other than the minor overhead of TLS, which is worth it for security). See "man git-http-backend" for details on the "smart" HTTP protocol, which uses the same protocol as git:// . - Josh Triplett -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150525183805.GA2452@x